Created
October 26, 2018 05:15
AWSAssumedRoleCredentialsProvider
import com.amazonaws.auth.{ AWSCredentials, AWSCredentialsProvider } | |
import com.amazonaws.auth.profile.internal._ | |
import com.amazonaws.auth.profile.internal.securitytoken.STSProfileCredentialsServiceLoader | |
import com.amazonaws.profile.path.AwsProfileFileLocationProvider | |
import scala.collection.JavaConverters._ | |
/**
 * Builds AWS credentials providers from the profiles found at the SDK's default config and
 * credentials file locations, including profiles that assume a role.
 *
 * Both files are read lazily, on the first call that needs the merged profile set.
 *
 * NOTE(review): the loader and provider classes used here come from the SDK package
 * `com.amazonaws.auth.profile.internal`; confirm they are stable for the SDK version in use.
 *
 * NOTE(review): profile names and role ARNs are written to stdout with `println`. Role ARNs
 * identify the target account and role, so decide whether that output belongs in a levelled
 * logger before using this outside a development setting.
 */
object AWSAssumedRoleCredentialsProvider {

  // Profile name used by `default`, as resolved by the SDK's profile name loader.
  private lazy val profileName = AwsProfileNameLoader.INSTANCE.loadProfileName()

  // Profiles read from the default config file location.
  private lazy val configProfiles = {
    val configFile = AwsProfileFileLocationProvider.DEFAULT_CONFIG_LOCATION_PROVIDER.getLocation
    BasicProfileConfigLoader.INSTANCE.loadProfiles(configFile).getProfiles.values().asScala
  }

  // Profiles read from the default credentials file location.
  private lazy val credentialProfiles = {
    val credentialsFile =
      AwsProfileFileLocationProvider.DEFAULT_CREDENTIALS_LOCATION_PROVIDER.getLocation
    BasicProfileConfigLoader.INSTANCE.loadProfiles(credentialsFile).getProfiles.values().asScala
  }

  // Single profile set keyed by profile name with any leading "profile " prefix removed.
  // Config entries are folded in before credentials entries, so when a name occurs in both,
  // the credentials file's value wins for any property key present in both.
  private lazy val allProfiles = {
    val normalised = (configProfiles ++ credentialProfiles).map { raw =>
      new BasicProfile(raw.getProfileName.replaceFirst("^profile ", ""), raw.getProperties)
    }

    val merged = normalised.foldLeft(Map.empty[String, BasicProfile]) { (seen, entry) =>
      val key = entry.getProfileName
      val resolved = seen.get(key) match {
        case None =>
          println(s"Adding profile entry $key")
          entry
        case Some(existing) =>
          println(s"Merging profile entry between config/credentials ($key)")
          val combined = existing.getProperties.asScala ++ entry.getProperties.asScala
          new BasicProfile(key, combined.asJava)
      }
      seen + (key -> resolved)
    }

    new AllProfiles(merged.asJava)
  }

  /**
   * Returns a credentials provider for the default profile, e.g. one specified by the
   * AWS_PROFILE env var.
   */
  def default: AWSCredentialsProvider = provider(profileName)

  /**
   * Returns a credentials provider for a named profile.
   *
   * @param name profile name, without the "profile " prefix used in the config file
   */
  def named(name: String): AWSCredentialsProvider = provider(name)

  // Chooses the provider for `name`: an assume-role provider when the profile is role based,
  // a static provider otherwise, and a failing placeholder when the profile is unknown.
  private def provider(name: String): AWSCredentialsProvider =
    Option(allProfiles.getProfile(name)) match {
      case None =>
        emptyProvider(name)
      case Some(profile) if profile.isRoleBasedProfile =>
        println(s"Found role based profile: $name from ${profile.getRoleArn}")
        new ProfileAssumeRoleCredentialsProvider(
          STSProfileCredentialsServiceLoader.getInstance,
          allProfiles,
          profile
        )
      case Some(profile) =>
        new ProfileStaticCredentialsProvider(profile)
    }

  // Placeholder for an unknown profile. Nothing fails when it is created; the
  // IllegalArgumentException is raised only when credentials are requested.
  private def emptyProvider(name: String): AWSCredentialsProvider =
    new AWSCredentialsProvider {
      override def getCredentials: AWSCredentials =
        throw new IllegalArgumentException(s"No AWS profile named '$name'")

      override def refresh(): Unit = ()
    }
}